Count me in Posted July 23, 2020 Share Posted July 23, 2020 (edited) I'm curious what people think about this. I opened osbot and my anti-virus quarantine and removed this: Behavior:Win32/Atosev.A!sms. It appears to be a trojan. It was through the java.exe through program files. I have only official scripts Thoughts? False positive? Actual malicious malware? Edited July 23, 2020 by Count me in Quote Link to comment Share on other sites More sharing options...
Protoprize Posted July 23, 2020 Share Posted July 23, 2020 12 minutes ago, Count me in said: I'm curious what people think about this. I opened osbot and my anti-virus quarantine and removed this: Behavior:Win32/Atosev.A!sms. It appears to be a trojan. It was through the java.exe through program files. I have only official scripts Thoughts? False positive? Actual malicious malware? It's a false positive Some A/V software will look for code that injects into other programs, and since osbot is literally injecting a payload into the osrs client to bot, your A/V thinks it's doing something malicious Quote Link to comment Share on other sites More sharing options...
Count me in Posted July 23, 2020 Author Share Posted July 23, 2020 1 minute ago, Protoprize said: It's a false positive Some A/V software will look for code that injects into other programs, and since osbot is literally injecting a payload into the osrs client to bot, your A/V thinks it's doing something malicious Thanks for the fast response. Why would it happen at random when I've opened scripts/clients hundreds of times? Why THAT time? Quote Link to comment Share on other sites More sharing options...
Protoprize Posted July 23, 2020 Share Posted July 23, 2020 2 hours ago, Count me in said: Thanks for the fast response. Why would it happen at random when I've opened scripts/clients hundreds of times? Why THAT time? Because osbot needs to download files for the scripts, and if the program already suspects the client itself to be malicious, it will react the same when it tries to download anything. Just add it to your exception list and you should be fine Quote Link to comment Share on other sites More sharing options...
K1ngsterZ Posted July 26, 2020 Share Posted July 26, 2020 On 7/23/2020 at 7:55 AM, Count me in said: I'm curious what people think about this. I opened osbot and my anti-virus quarantine and removed this: Behavior:Win32/Atosev.A!sms. It appears to be a trojan. It was through the java.exe through program files. I have only official scripts Thoughts? False positive? Actual malicious malware? As others have stated, completely normal to get false positives. Especially if using just windows defender etc. Quote Link to comment Share on other sites More sharing options...
